Verizon's new app launcher brings spyware to all its Android phones, says EFF

Verizon's impending release of a new app launcher for Android called AppFlash has some privacy experts worried, as the launcher collects a lot of personal information for advertising.

Image: iStockphoto/Nastco

As Verizon prepares to roll out the AppFlash app launcher to all of its Android users, the company is essentially putting spyware on its subscribers phones, according to the Electronic Frontier Foundation (EFF). The launcher will track what apps users have downloaded so it can provide more relevant ads, the group stated.

According to the EFF, Verizon's use of AppFlash is a "display of wireless carriers' stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices."

In late March, Verizon announced that it was working with app search technology provider Evie to create AppFlash as the default search experience for Android users on Verizon. As reported by TechCrunch, when users swipe left from their home screen, they will be able to access the search features or recommendation of AppFlash.

As pointed out by Corbin Davenport on Android Police, the new launcher doesn't really offer any functionality above and beyond what the standard Google Search is capable of. That could give weight to the theory that it exists solely for information collection and advertising purposes.

Another concern is the AppFlash Privacy Policy itself, posted on the Verizon website here. Here's what information the policy said is collected:

We collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.

With your permission, AppFlash also collects information about your device's precise location from your device operating system as well as contact information you store on your device.

Information is used to personalize user experiences on their mobile devices, "including the advertisements you see," the policy said. The policy also states that the information could be shared among other Verizon companies, such as AOL.

While this may sound concerning to some, the policy did say that users can control the collection of location and contact information in the settings, and that they can opt-out of targeted advertising.

"We are testing AppFlash to make app discovery better for consumers," according to a Verizon spokesperson. "The test is on a single phone - LG K20 V - and you have to opt-in to use the app. Or, you can easily disable the app. Nobody is required to use it. Verizon is committed to your privacy."

Outside of the privacy concerns, though, the EFF also said that AppFlash creates an increased attack surface for Android devices as well.

"You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into," the EFF's post said. "We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it's not, the damage to Americans' cybersecurity could be disastrous."

Update: Since the publishing of this story, EFF reached out to TechRepublic to let us know that it has since removed its blog post, citing the same statement we quoted from the Verizon spokesperson. "Basically, we have to do some more research to figure out exactly what is going on," the EFF spokesperson said.

What do you think?

Is Verizon's use of AppFlash a concern? Why or why not? Tell us in the comments.

The 3 big takeaways for TechRepublic readers

Verizon will soon roll out a new launcher called AppFlash, that some privacy advocates have accused of being spyware.

The launcher tracks what apps users have installed, in order to provide relevant advertising for Android phones on Verizon.

Users can opt-out of the data collection, but the EFF said it believes the launcher presents a cybersecurity concern as well.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays